Responsible Face AI
Trust, Privacy & Responsible Face AI
InsightFace supports enterprise teams building face AI products with privacy-aware deployment options, responsible use review, and commercial licensing workflows designed for sensitive AI applications.
Enterprise commitments
Bias mitigation as a product requirement
We treat demographic consistency as a core quality metric and continuously optimize for reliable performance across ethnicity, gender, and age groups.
Transparent data governance
We train only on authorized datasets, informed-consent private datasets, or compliant Synthetic Data, with intake and review standards aligned to enterprise procurement expectations.
Privacy by Design deployment
Our production architecture prioritizes irreversible Embedding extraction over raw image retention wherever feasible, reducing operational exposure from the start.
Algorithmic fairness
Reducing bias while pursuing universal accuracy
We follow a technology-for-all principle and aim to keep performance stable across different ethnic, gender, and age cohorts.
Diverse benchmark optimization: our models are continuously tuned on globally distributed datasets spanning five continents and many ethnic groups, with higher training weight assigned to under-represented groups to reduce recognition bias.
Balanced evaluation with Adversarial Debias: we introduce Adversarial Debias techniques and multidimensional monitoring into the R&D pipeline. Internal evaluation has driven Cross-ethnicity False Match Rate down to an industry-leading level.
Enterprise validation mindset: fairness is reviewed alongside accuracy, latency, and deployment fit so customers can assess performance with clearer risk visibility before production rollout.
Data ethics
Ethical data sourcing and privacy-first processing
Data is the foundation of AI, and privacy is the boundary. We make sourcing, scrubbing, and deployment architecture part of the compliance conversation.
Compliant sourcing: InsightFace aligns data acquisition with GDPR, CCPA, and applicable national data regulations. We use datasets with explicit authorization, private datasets collected under informed consent, and compliant Synthetic Data for augmentation.
Strict PII scrubbing: before data enters the training pipeline, raw images undergo desensitization workflows and automated scripts remove associated personally identifiable information (PII), retaining only the signals required for model learning.
Feature-based privacy protection: our core deployment architecture favors irreversible Embedding vectors instead of storing or transmitting raw images, reducing privacy leakage risk at the system-design layer.
Authorized dataset partnerships
If you can provide a properly authorized dataset for training or evaluation, contact our team. After review, we may consider paid procurement.
contact@insightface.aiData Privacy & Retention
Privacy controls you can configure under contract
Privacy posture is part of the commercial conversation. The defaults below describe how our deployments are typically configured for enterprise customers; specific behavior is established in your agreement.
Embedding-based processing is the preferred default: face features can be extracted, compared, or stored as irreversible vectors instead of raw images.
No-image-retention modes are supported: for cloud API deployments, customers can request that uploaded images are not persisted server-side beyond the active inference call.
Data retention windows are configurable under enterprise agreements rather than fixed by default, so customers can align with their internal privacy and records policies.
On-premise and edge deployments keep raw images and embeddings inside the customer environment by design, with no inference traffic leaving the customer network.
Deployment Options
Match the deployment model to your data flow
InsightFace supports multiple deployment patterns. Each one has a different data flow, and is appropriate for different sensitivity levels and operating constraints.
Cloud API
Hosted inference with no local model footprint.
- Data flow
- Images or pre-extracted embeddings are sent to a hosted endpoint over HTTPS; results are returned in the response.
- Fit for
- Pilots, lower-sensitivity workloads, fast time-to-integration, and product teams that prefer not to host models.
On-premise
Models run inside the customer's own infrastructure.
- Data flow
- All face data, embeddings, and inference traffic remain inside the customer environment. No image data is transmitted to InsightFace.
- Fit for
- Regulated industries, large-scale identity verification, KYC, access control, and customers with strict data residency requirements.
Mobile / Edge device
On-device inference via the InspireFace SDK.
- Data flow
- Images are processed on the device; only application-level signals (e.g., a match decision) need to leave the device, if any.
- Fit for
- Consumer mobile apps, embedded access control, IoT terminals, and offline / intermittent-network scenarios.
Responsible Face AI Use
Use-case review for sensitive face AI applications
Face recognition, face swap, and identity verification are sensitive applications. Commercial licensing and API access are reviewed against the intended deployment before activation.
We review the intended use case, deployment context, and end-user population before authorizing commercial face recognition or face swap models.
We expect customers to have a lawful basis for processing biometric data and to provide notice and choice to end users where required by local law.
We do not authorize use cases designed to enable surveillance of vulnerable groups, deceptive impersonation, or other applications inconsistent with responsible deployment.
Authorization can be reviewed or revoked if usage materially diverges from the agreed scope.
Face Swap Usage Policy
Prohibited use cases for face swap models and APIs
Face swap models and APIs are licensed for reviewed creative, entertainment, and product use cases. The following are explicitly out of scope and will not be authorized.
Fraud, identity theft, KYC bypass, or any attempt to defeat identity verification systems.
Impersonation of real individuals without their explicit, verifiable consent.
Harassment, bullying, defamation, or content intended to humiliate or threaten a person.
Non-consensual sexual or intimate imagery of any individual, including synthetic NCII.
Unauthorized face replacement of private individuals, minors, or vulnerable populations.
Misleading political content, fabricated statements attributed to public figures, or content designed to manipulate elections or public discourse.
Enterprise Review Materials
Materials for security, legal, and procurement review
Enterprise customers can contact our team to discuss or request the following materials as part of internal evaluation. Specific deliverables are scoped per engagement.
Data processing requirements and proposed data flow.
Security review questions and architecture diagrams.
Deployment architecture options for cloud, on-premise, or edge.
Acceptable use requirements for the chosen models or APIs.
Compliance and privacy requirements relevant to your jurisdiction.
Model evaluation methodology, including private-data benchmarking.
Operational assurances for enterprise buyers
Compliance review is incorporated into commercial discussions covering licensing scope, deployment architecture, and data-handling boundaries.
We support customer due diligence on regional requirements, privacy controls, and internal approval workflows for production rollout.
Benchmarking and governance practices are updated continuously as customer expectations, regulations, and deployment scenarios evolve.
Need a trust or compliance review for your use case?
Talk with our team about model licensing, deployment architecture, data sourcing, and evaluation requirements for your market.